All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Security
    •

Blue Team Tools

30 Courses
3 Labs
24 Hours
Skill IQ

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the addition of MITRE Shield, you now have a 360 degree view of attack scenarios and the data and capabilities needed to stop them.

Further details on the MITRE Shield framework can be found at https://shield.mitre.org/

Further details on the MITRE ATT&CK® framework can be found at https://attack.mitre.org/

Our blue team tooling courses focus on the use of a specific industry-standard, open source tool to protect, detect, and respond against targeted threat actor techniques in an enterprise environment. Knowing what a tool is and how it can be integrated into your overall enterprise security strategy will ultimately lend to your ability as an organization or an individual to defend against specific adversary activity.

Get started

Content in this path

Introduction

The first course in this series discusses the use of open source, blue team tools to fill the gaps in your enterprise security, in turn, enable your information security organization to evolve their capabilities as fast as the threat actors you are defending against.

Course

Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques

  • by Aaron Rosenmund
  • 19m
  • Dec 09, 2020

Network Analysis

In this section, you will learn about the tools associated with network analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Course

Network Analysis with Arkime

  • by Josh Stroschein
  • 45m
  • Dec 11, 2020
Lab

Arkime Hands-on Sandbox

  • 3h 10m
  • Aug 05, 2025
Course

Network Analysis with pfSense

  • by Joe Abraham
  • 38m
  • Feb 25, 2021
Course

Network Analysis with OPNsense

  • by Brian Dorr
  • 42m
  • Feb 13, 2023
Course

Network Analysis with Real Intelligence Threat Analytics (RITA)

  • 24m
  • Jul 10, 2023
Lab

tcpdump Hands-on Sandbox

  • 3h 10m
  • Aug 04, 2025

OS Analysis

In this section, you will learn about the tools associated with OS analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Course

OS Analysis with HELK

  • by Aaron Rosenmund
  • 29m
  • Jul 31, 2025
Course

OS Analysis with RegRipper

  • by Shoaib Arshad
  • 39m
  • Sep 03, 2020
Course

OS Analysis with Wazuh 4

  • by Zach Roof
  • 37m
  • Jun 08, 2022
Lab

Wazuh Hands-on Sandbox

  • 3h 10m
  • Aug 05, 2025
Course

OS Analysis with Volatility

  • by Tim Coakley
  • 27m
  • Jun 25, 2021
Course

OS Analysis with The Sleuth Kit & Autopsy

  • by Ashley Pearson
  • 15m
  • Sep 30, 2021
Course

OS Analysis with osquery

  • by Joe Abraham
  • 31m
  • Nov 20, 2021
Course

OS Analysis with OSSEC 3

  • by Michael Edie
  • 25m
  • Mar 23, 2022
Course

OS Analysis with Nagios

  • by Owen Dubiel
  • 21m
  • Dec 01, 2022
Course

OS Analysis with Artillery

  • by Matt Glass
  • 16m
  • Aug 09, 2023

Infrastructure Analysis

In this section, you will learn about the tools associated with infrastructure analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Course

Cloud Infrastructure Analysis with Scout Suite

  • by Guillaume Ross
  • 29m
  • Jul 31, 2025
Course

Cloud Infrastructure Analysis with Prowler

  • by Tim Coakley
  • 24m
  • Mar 11, 2021
Course

Container Infrastructure Analysis with kube-hunter

  • by Zach Roof
  • 42m
  • Jul 31, 2025
Course

Container Infrastructure Analysis with Trivy

  • by Zach Roof
  • 49m
  • Apr 20, 2021

File Analysis

In this section, you will learn about the tools associated with file analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Course

File Analysis with TruffleHog

  • by Tim Coakley
  • 23m
  • Apr 15, 2021
Course

File Analysis with CyberChef

  • by Owen Dubiel
  • 28m
  • Jun 17, 2025
Course

File Analysis with LOKI

  • by Brian Dorr
  • 31m
  • Aug 28, 2023

Application Analysis

In this section, you will learn about the tools associated with application analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Course

Application Analysis with Endlessh 1

  • by Laurentiu Raducu
  • 16m
  • Jun 08, 2022
Course

Application Analysis with ModSecurity

  • by Michael Edie
  • 24m
  • Aug 20, 2022
Course

Application Analysis with SonarQube

  • by George Smith
  • 34m
  • Sep 27, 2022
Course

Application Analysis with PacketFence

  • 17m
  • Sep 25, 2023
Course

Application Analysis with Snyk

  • by Sean Wilkins
  • 27m
  • May 21, 2025

Incident Management

In this section, you will learn about the tools associated with incident management to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Course

Incident Management with TheHive

  • by Nick Mitropoulos
  • 27m
  • Jan 18, 2022
Course

Incident Management with Velociraptor

  • by Brian Dorr
  • 34m
  • Dec 14, 2024

Threat Intelligence

In this section, you will learn about the tools associated with threat intelligence to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Course

Threat Intelligence with MSTICPy

  • by Ian Hellen
  • 33m
  • Apr 06, 2022
Course

Threat Intelligence with MISP

  • by Phil Chapman
  • 21m
  • Jul 13, 2022
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
What You'll Learn
  • What the function of the tool is
  • Where to get it
  • How to use the tool to fill a gap in enterprise security
Prerequisites
  • Security fundamentals
  • Ethical hacking fundamentals
  • Security testing fundamentals
Related topics
  • Red Team Tools
  • Security Architecture
  • Network Security
  • Security Assessment
  • Security Operations
  • Application Security
  • Risk Management
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur...
Josh Stroschein
Josh Stroschein
Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineer...
Joe Abraham
Joe Abraham
Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child...
Brian Dorr
Brian Dorr
Brian Dorr is a cybersecurity professional who is very passionate about information security and teaching. Brian has served just under 20 years on Active Duty in the Army and is currently serving as a Cyber Warfare Technician who is a technical advisor and serves as a Defensive Cyber Infrastructure support for 12 teams who rely on him for his technical expertise. He also teaches and mentors cyber security students at Agusta Technical College as an Adjunct Cyber Security Instructor. Brian has led...
Shoaib Arshad
Shoaib Arshad
Shoaib is a Senior Cyber Security Professional currently based in Saudi Arabia. He has more than a decade of experience in the Information Security domain, and worked in various roles such as Security Engineer, Pentester, Forensic Examiner, Incident Handler, IT Auditor and also as a Cyber Security Consultant. His certifications include GCCC, GCFE and Lead Auditor for ISO - 27001/22301/20000. He is also a member of the GIAC Advisory Board. Shoaib is passionate about teaching and finds value in sh...
Zach Roof
Zach Roof
Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy...
Tim Coakley
Tim Coakley
Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at Pluralsight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases. Parallel to this Tim ran a research and development business creating solutions from design through to support resulting in some unique and niche software not developed anywhere else. Tim now works fully within t...
Ashley Pearson
Ashley Pearson
Ashley Pearson is a former system administrator turned threat hunter. She has spent the past 3 years of her 8+ year IT career specializing in cyber security. She currently works as a threat hunter and occasional incident responder or forensic analyst. She continues to feed her passion by actively participating in the InfoSec community, attending conferences, and pursuing higher education. Outside of work, Ashley enjoys running, video games, and reading.
Michael Edie
Michael Edie
Michael is a Senior Security Consultant with 10+ years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends. He is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements solutions and evaluates s...
Owen Dubiel
Owen Dubiel
Owen is a security practitioner at heart, who also enjoys being able to teach others about cyber security best practices and techniques. He has recently found that doing online teaching has been one of the most fulfilling experiences in his working life. He loves being able to spread the good word of security to any and all that are willing to learn it!
Matt Glass
Matt Glass
Matt Glass is a Service Delivery Manager in Naples, Italy, working as a government contractor. Matt has 17 years of IT experience in a variety of roles. Consistently finding joy in developing the skills of others and helping their careers, he joined Pluralsight in 2017 to pass on the lessons he learned. Matt is married and the father of four children.
Guillaume Ross
Guillaume Ross
Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc. Having worked in multiple verticals, from Fortune 50 to startups, his specialty is providing the right security program and architecture for each specific environment and company, and leading blue teams.
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ...
George Smith
George Smith
George Smith has spent more than 25 years in the IT industry. During this time he has held a variety of positions, starting with web UI development and business analysis, progressing with system administration and infrastructure, then switching to core systems programming, technical consulting, and finally becoming an E-Commerce Architect and Subject Matter Expert. He is well versed in modern trends like Containerization, Infrastructure as Code, Serverless computing models, and more. George demo...
Sean Wilkins
Sean Wilkins
Sean Wilkins, with over two decades of experience in the IT industry, serves as a distinguished networking consultant and contributor at Tech Building Blocks. His professional journey spans multiple prominent enterprises, underlining his extensive field expertise. Sean's credentials include esteemed certifications from Cisco (CCNP/CCDP), Microsoft (MCSE), and CompTIA (A+ and Network+). Academically, he has achieved a Master’s of Science in Information Technology, specializing in Network Architec...
Nick Mitropoulos
Nick Mitropoulos
Nick is the CEO of Scarlet Dragonfly and has numerous years of experience in security training, cyber security, incident handling, vulnerability management, security operations, threat intelligence and data loss prevention. He is a certified ISC2 & EC-Council instructor, a GIAC advisory board member, an EC-Council global CISO member, a CEH Hall of Fame holder, a senior IEEE member and has an MSc in Advanced Security and Digital Forensics from Edinburgh Napier University.
Ian Hellen
Ian Hellen
Ian is a Principal Software Engineer in the Microsoft Threat Intelligence Centre (MSTIC). He has worked in security for 20 years and has been with MSTIC for the past 5 years (from infrastructure/network consulting to building compiler plug-ins and authoring detections and detection systems). He's the creator and joint-author/maintainer of MSTICPy - Python CyberSec tools for Jupyter notebooks - and spends most of his time creating notebooks and enhancing and fixing MSTICPy. In the time left over...
Phil Chapman
Phil Chapman
Phil Chapman is a senior instructor. He is responsible for the delivery of a range of courses including official Microsoft, CompTIA, EC Council and BCS official certifications. He is also the subject matter expert and project lead for the bespoke Law Enforcement Cyber Security training packages which are delivered to UK Law Enforcement agencies and forces. He holds a variety of IT Technical and Security qualifications across many fields. Phil spent 23 years in the Royal Air Force as an Intellige...

Join our learners and upskill
in leading technologies